Radio transmission is by nature more prone to eavesdropping and fraud than fixed wire transmission. Listening to communications is easy and does not require access to special locations. The GSM cellular system has alleviated this problem by introducing authentication and encryption or ciphering. Next the GSM authentication and ciphering procedures are explained shortly in reference with FIG. 1. More details can be found for example in Mouly et. al.: “The GSM system for mobile communications”.
FIG. 1 illustrates current GSM system incorporated with a general packet radio or GPRS network. The complete network comprises three different functional sub-networks, a Radio Access Network, a Circuit Switched or first core network, and a Packet Switched or second core network. The Radio access network comprises Base Station Controllers or BSC's 30 (only one is shown) and Base Stations or BS's 20. The first core network comprises Mobile Switching Centers with Visitor Location Register or MSC/VLR 40 and Home Location Register with Authentication Center or HLR/AuC 50. The first core network comprises additional MSC/VLR's and HLR/AuC's, which are not shown for the sake of simplicity. The second core network comprises Serving General packet Service Node or SGSN 60. The second core network comprises additional General packet Service Nodes or GSN's, which are not shown for the sake of simplicity. The both core networks may share a common Home Location Register with Authentication Center or HLR/AuC 50.
When a User Equipment UE (or Mobile Station MS) 10 accesses the first core network it registers itself in the MSC/VLR 40. After receiving a registration request or a service request from the mobile, MSC/VLR 40 transmits to HLR/AuC a request including IMSI to acquire authentication triplets consisting of RAND, SRES and Kc1. In GSM the MM or the mobility management protocol implements the functionality for the authentication. The triplets are of a predetermined length and calculated by using a secret key Ki, known only to the authentication center and the SIM card in the mobile. After receiving the triplets from HLR/AuC, the MSC/VLR sends the challenge, RAND, to the MS in an authentication request to authenticate that particular MS. As part of the successful registration, the MSC/VLR updates the location of the MS to HLR and downloads the subscriber data from HLR.
The mobile 10 has the secret key Ki in its SIM card. The secret key Ki is stored on subscription by the operator and is not visible for the users of the mobile or for any other party for that matter. It is identical to the secret key Ki stored in the Authentication Center. The secret key Ki is applied together with the random number RAND into a predetermined algorithm called A3 to produce a signed response SIZES. The mobile 10 then transmits a message containing SIZES to the MSC/VLR 40, which compares it with the SIZES received from the AuC. If the comparison is successful, the mobile 10 is authenticated and allowed to access the network. At the same time with calculating the SIZES, the mobile applies RAND and Ki to another predetermined algorithm called A8 to produce the ciphering key Kc1. If the authentication was successful and the network should so decide, all subsequent transmissions with the mobile 10 over the air interface are ciphered.
For this the MSC/VLR transmits the ciphering key Kc1 to the BSC which is in communication with the mobile 10, and the BSC subsequently delivers the Kc1 further to the BTS communicating with the MS and the ciphering or encryption takes place in the base station and the mobile according to yet another predetermined algorithm, for example A5. Once MSC/VLR has decided that ciphering will be used, the BSC makes a decision up on the actual algorithm. In GSM there are currently two ciphering algorithms to select from.
If the mobile wants to access the second core network it registers itself in the SGSN 60. The procedure for authentication is similar to the procedure with the first core network, with the exception that the ciphering key Kc2 is not transmitted to the base station (BSS part of the system) currently in communication with the mobile 10. In other words, the ciphering takes place in SGSN and in MS. The SGSN 60 retains the ciphering key Kc2 within itself and performs the ciphering.
Thus, the prior art system uses different ciphering keys for ciphering the communications with two different core networks and the ciphering is applied to two different radio connections as the radio channels used for communicating with MSC and SGSN are distinct. As a result, a GSM MS having simultaneous communications with both MSC and SGSN utilizes two ciphering keys on two different radio channels or connections having both their own independent control in the network.
The fact that the ciphering and the control of the ciphering takes place at different locations, may cause consistency problems. The fact that radio access network is not able to access the signalling messages of the second core network at all, may turn out to be problematic in future networks, when all radio recourses used by a specific user should be managed in conjunction in a system having two CN nodes controlling the ciphering. In this case, the radio resources reserved for simultanous connections to MSC and SGSN should be managed by a single entity in the radio access network part of the system, but still there would be two entities controlling the ciphering.
It is proposed that in UMTS there will be only one RRC or radio resource control protocol, controlling both the connection to the MSC and to the SGSN. If only one key is used at a time for both connections, the problem is, how to communicate to the other CN node that its key is not going to be used. Yet another problem, relates to handovers controlled by a CN entity.
It is therefore an object of the present invention to efficiently manage the ciphering keys and algorithms for ciphering and deciphering user data communicated between different core networks and a mobile station.
It is another object of the present invention to efficiently manage the ciphering keys and algorithms for ciphering and deciphering signalling data communicated between different core networks and a mobile station.
It is still another object of the present invention to efficiently transfer the ciphering parameters when the serving radio network controller is handed over to another radio network controller, which then becomes a new serving radio network controller.